Croft Architecture GDPR HUB
Do you always know how your data is being used and protected by the companies you’re giving it to?
Many of us don’t.
We're now in an age where technology is developing at an increasing pace, electronic data sharing is becoming easier and more common, and there are ever more technical and complex ways to share and communicate digitally. This presents fantastic opportunities for us all, but also dangers when our data can fall into the wrong hands or be misused.
That’s why new legislation known as GDPR (General Data Protection Regulation) is being enforced on the 25th May 2018 to improve how data is used and made available. GDPR will replace the existing Data Protection Act and will give you more choice about your data.
Find out below what exactly this means for you as our client.
What is GDPR and why do we need it?
As technology develops, we can easily share our private data in countless new ways, but where and how is it being used? People are understandably becoming increasingly worried about data security.
GDPR is being introduced to reflect our new digital age. The new data protection rules will create uniformity between all EU member states under one common regulation. GDPR will be enforced across all 28 EU member states, meaning everyone is following the same rules!
In the UK, GDPR will replace the Data Protection Act to better protect our data from breaches and hacks.
What data does it protect?
GDPR aims to safeguard and protect your rights within a networked world.
But what data does it cover?
GDPR aims to protect any personal data a company holds about you, for example your name, address, email address, age, images, social networking accounts, IP address or medical history.
How will it affect UK businesses?
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if businesses are complying properly with the current law, then most of their approach to compliance will remain valid under the GDPR and will be the starting point to build from.
However, there are new elements and significant enhancements, so businesses will have to do some things for the first time and some things differently.
GDPR will affect all public and private organisations in all 28 EU member states, including customers and employees.
The biggest changes and challenges will be seen by businesses rather than consumers.
Businesses must consider: where is the data coming from, where is it being stored, who has access, and where is it going?
Failure to comply with the regulations will lead to hefty penalties, including a fine of up to €20 million or 4% of the company’s total profit.
Any data breach needs to be reported to the relevant authorities within 72 hours, and if there’s a risk involved to the data subject (i.e. the people the data concerns) they’ll have to inform their customers too.
How will GDPR affect me?
Businesses need to document what personal data they hold, where it came from and who they share it with. They may need to organise an information audit across the organisation or within particular business areas.
Businesses will then have to make changes to their data policies in preparation for the new regulations.
Consumers don’t have to do anything in particular to prepare, but they should be aware that the law is changing to the GDPR and what that means for them.
Consumers will probably have started to notice some changes leading up to May 25. For example, you’ll probably receive emails asking to stay in touch by resubscribing to newsletters or find that when making purchases online, there will be more obvious check boxes relating to how the company can use your data – for example to send you emails, or share data with a third party.
GDPR also gives you a number of ‘rights’ when it comes to your data, including:
The right to be informed – you have a right to know how your data will be used by a company.
The right to access your personal data – you can ask any company at any time to share with you the data they have about you and how they are using it.
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
The right to erasure – this means that you have the right to request that a company deletes any personal data they have about you. There are some exceptions, for example, some information can be held for legal reasons.
The right to restrict processing – if you think the data being held about you is incorrect, or know that a company isn't complying with the rules, you can restrict any further use of your data until the problem is resolved.
The right to data portability – this means that you can ask a company holding data about you to share your data with you in a way that can be read digitally, for example via a PDF. This makes the process of sharing your data with you a lot quicker and easier.
The right to object – if you're unhappy with the way in which a company is holding, storing or using your data you can object. For example, this will make it easier to avoid unwanted marketing communications and spam from third parties.
Rights in relation to automated decision making and profiling – this will protect you in a situation where a decision is made about you based entirely on automated processes rather than by a human.
Your details are in safe hands
Rest assured your information is always treated securely and responsibly. Just like other UK and EU companies, we are preparing for the General Data Protection Regulation (GDPR) to make sure your data is as safe as possible.
We are committed to collecting and using your data fairly and in accordance with the requirements of the GDPR.